Clear & Backup Windows Event Logs
This procedure performs a backup of the Application, Security and System event logs on Windows systems and then clears them out.
Backups are created in the 'c:\logs' directory of the remote endpoint using a date stamp in the YYYYMMDD format (so automatic sorting takes place based on the file name).
It tests for the existence of the required tool (wevtutil.exe) and for existing backup files, to prevent the procedure from running twice on the same day. If no backup file exists after the command has run, it concludes that no records were found for the backup & clearing to take place.
Can you create a version that does not delete event logs? Or tell me which lines to delete so I can customize this procedure myself? I just want to download logs, not delete them. Thanks.
Hi Samuel, that is actually quite easy to do. Lines 27, 48 and 69 deal with clearing and backing up the event logs, respectively for the Application, Security and System logs.
What you need to do is try and start 'wevtutil.exe /?' utility at a target machine using the command shell. This will show you all available arguments and how to construct the syntax.
When you do that you'll find, and actually these lines 27, 48 and 69 already give it away really, that actually all you need to do is remove the 'clear-log' text from these lines and you're good to go.
Just a couple of pointers when working with agent procedures:
* Always work on a copy of the original
* Always test the command to use with complete syntax on a test machine directly, using the command shell.
* Log messages, log messages, log messages to the Agent Procedure log for good debugging.
Good luck and don't forget the help file is a huge help and there is content available on our university as well if you want to learn more about agent procedures, ask your sales rep for more info!
Onno de Vries
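
A backup-only variant of the flow described above, as an added example that is not the agent procedure's own code: it applies the same tool check, date-stamped file name and same-day guard, but calls wevtutil's export-log (`epl`) command so the live logs are left intact. The file name pattern is an assumption; the procedure's real names are not shown on this page.

```powershell
# Added example: export the three logs to C:\logs without clearing them.
# Run from an elevated prompt; reading the Security log requires administrator rights.

$backupDir = 'C:\logs'
$stamp     = Get-Date -Format 'yyyyMMdd'      # YYYYMMDD sorts by file name
$logs      = 'Application', 'Security', 'System'

# 1. The required tool must exist before anything else is attempted.
$wevtutil = Join-Path $env:SystemRoot 'System32\wevtutil.exe'
if (-not (Test-Path -LiteralPath $wevtutil -PathType Leaf)) {
    throw "wevtutil.exe not found at $wevtutil"
}

if (-not (Test-Path -LiteralPath $backupDir)) {
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
}

$results = foreach ($log in $logs) {
    # Assumed naming pattern: <YYYYMMDD>-<LogName>.evtx
    $target = Join-Path $backupDir "$stamp-$log.evtx"

    # 2. A file carrying today's stamp means the job already ran today.
    if (Test-Path -LiteralPath $target) {
        [pscustomobject]@{ Log = $log; File = $target; Status = 'Skipped (already backed up today)' }
        continue
    }

    # 3. export-log (epl) writes a copy of the log; it does not clear it.
    & $wevtutil epl $log $target
    $exit = $LASTEXITCODE

    # 4. Post-check, as in the procedure: no file after the run means no backup.
    if ($exit -ne 0) {
        $status = "Failed (exit code $exit)"
    }
    elseif (Test-Path -LiteralPath $target) {
        $status = 'Exported'
    }
    else {
        $status = 'No backup file produced'
    }

    [pscustomobject]@{ Log = $log; File = $target; Status = $status }
}

$results | Format-Table -AutoSize
```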